CVE-2012-10051
Severity CVSS v4.0:
HIGH
Type:
CWE-121
Stack-based Buffer Overflow
Publication date:
08/08/2025
Last modified:
08/08/2025
Description
Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in the installation directory, the application fails to properly validate its contents, leading to a buffer overflow when the file is parsed during startup. Exploitation requires local access to place the file and user interaction to launch the application.
Impact
Base Score 4.0
8.40
Severity 4.0
HIGH
References to Advisories, Solutions, and Tools
- https://archive.org/details/PhotodexProShowProducer7.0.3514Keymaker_20180127
- https://erinkrespan.com/what-happened-to-photodex-proshow-producer/
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/proshow_load_bof.rb
- https://web.archive.org/web/20120727035341/http://security.inshell.net/advisory/30
- https://www.exploit-db.com/exploits/19563
- https://www.exploit-db.com/exploits/20109
- https://www.fortiguard.com/encyclopedia/ips/32753
- https://www.vulncheck.com/advisories/photodex-proshow-producer-load-file-handling-buffer-overflow
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/proshow_load_bof.rb
- https://www.exploit-db.com/exploits/19563
- https://www.exploit-db.com/exploits/20109